===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2015.3240
                          libxml2 security update
                             24 December 2015

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libxml2
Publisher:         Debian
Operating System:  Debian GNU/Linux 7
                   Debian GNU/Linux 8
Impact/Access:     Access Confidential Data -- Remote with User Interaction
                   Denial of Service        -- Remote with User Interaction
Resolution:        Patch/Upgrade
CVE Names:         CVE-2015-8317 CVE-2015-8241 CVE-2015-8035
                   CVE-2015-7942 CVE-2015-7941 CVE-2015-7500
                   CVE-2015-7499 CVE-2015-7498 CVE-2015-7497
                   CVE-2015-5312 CVE-2015-1819 

Reference:         ESB-2015.3057
                   ESB-2015.1927

Original Bulletin: 
   http://www.debian.org/security/2015/dsa-3430

--------------------------BEGIN INCLUDED TEXT--------------------

-------------------------------------------------------------------------
Debian Security Advisory DSA-3430-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
December 23, 2015                     https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package        : libxml2
CVE ID         : CVE-2015-1819 CVE-2015-5312 CVE-2015-7497 CVE-2015-7498 
                 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942
                 CVE-2015-8035 CVE-2015-8241 CVE-2015-8317
Debian Bug     : 782782 782985 783010 802827 803942 806384

Several vulnerabilities were discovered in libxml2, a library providing
support to read, modify and write XML and HTML files. A remote attacker
could provide a specially crafted XML or HTML file that, when processed
by an application using libxml2, would cause that application to use an
excessive amount of CPU, leak potentially sensitive information, or
crash the application.

For the oldstable distribution (wheezy), these problems have been fixed
in version 2.8.0+dfsg1-7+wheezy5.

For the stable distribution (jessie), these problems have been fixed in
version 2.9.1+dfsg1-5+deb8u1.

For the testing distribution (stretch), these problems have been fixed
in version 2.9.3+dfsg1-1 or earlier versions.

For the unstable distribution (sid), these problems have been fixed in
version 2.9.3+dfsg1-1 or earlier versions.

We recommend that you upgrade your libxml2 packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================